VMProtect Software » Forum

Posted: **Sat Dec 16, 2023 10:26 am**

Hello, To protect our code away from Harmony, we want to use method inline/flatten

e.g.

    static void Main(string[] args)
    {
       var VAR = GetInt(1)
    }

    private static int GetInt(int x)      // althrough we can use VMP's rename, but hacker can find the method through parameter ( they try to find a method that have 1 int parameter and patch it)
    {
       return x + 1;     // maybe difficult logic here.
    }

------->

Code: Select all


static void Main(string[] args)
    {
       var VAR = 1 + 1;
    }

Harmony can patch methods and apply prefix/postfix modifications, making the result of GetInt unreliable. So we want to inline the method and virtulization the whole method to prevent patch.

Do you have any suggestion to protect against Harmony's Patch? (prevent patch for our code and System assembly)

P.S. Harmony: https://github.com/pardeike/Harmony

Posted: **Sat Dec 16, 2023 10:55 am**

We've found some hacker renamed Harmony to avoid detection

Import Protection seems can protect against Harmony. （ I'm not sure, still testing)
But IIS results error when enabled Import Protection. (RVA xxx i can't remember)

Posted: **Sat Dec 16, 2023 12:20 pm**

When "Main" and "GetInt" were virtualized the "Main" doesn't call native stub of "GetInt", so any patch of "GetInt" with Harmony will not work in this case.

Posted: **Sat Dec 16, 2023 12:35 pm**

That's great, Thank you.

Posted: **Sun Dec 17, 2023 5:36 am**

Do we have any way to find out patches of System's assembly?
e.g. Encoding.UTF8.GetString, they added postfix patch to tamper the result, replace license etc.

I just found Enabling Import Protection can prevent this kind of patch.

VMProtect Software » Forum

Does vmp support method inline/flatten

Does vmp support method inline/flatten

Re: Does vmp support method inline/flatten

Re: Does vmp support method inline/flatten

Re: Does vmp support method inline/flatten

Re: Does vmp support method inline/flatten